Friday, December 21, 2007

Proof Positive of Internet PIN Debit's Potential

To demonstrate the inherent value of developing ATMDirect's PIN Debit offering, I bring you this very recent article from Digital Transactions News. Before I do, I will reiterate that the potential is staggering...and want to point out that everything is already in place to put together an innovative distribution methodology...

Bundled package consisting of: a biometric mouse, with both TrueMe's authentication software and ATMDirect's PIN debit software on CD-ROM and have them distribute them to their banking customers to further secure their online banking, password authentication and PIN Debit purchases on the web. A biometric mouse, (rather than UPEK's stand-alone sensor) makes more sense in the distribution process, because, rather than ADD another device to a computer, a consumer could just REPLACE their old worn out mouse with the new built-in biometric technology that is offered by getting a UPEK sensor.

By simply "combining" TrueMe, ATMDirect and a biometric mouse, they will have created a "new and improved" biometric mouse, and a means to distribute it to consumers through their banking institutions. They can then build a lot of momentum for not only Internet PIN debit, but also enroll a lot more people in their biometric authentication platform. Does anybody else out there think this is a good idea, or am I being to simplistic in my approach? Please, I ask everyone who reads this to let me know. If I hear from enough of you (including any ideas you may have in addition to one's I've put forth) I won't stop pursuing this. Just drop me a yay or nay at: johnbfrank@gmail.com

Here's the article. After the article, I have included previous posts regarding "How to Build a Better Mousetrap" including, the first one from February 07, 2006:

HomeATM Aims to Bring PIN Debit, Card Present Rates to the Web

A small engineering company in Montreal has struck a deal with Universal Air Travel Plan Inc., a Washington, D.C.-based switch for some 220 airlines and travel agencies around the world, to enable air carriers to accept PIN debit and credit cards on their Web sites with card-swipe authentication. In addition, it has applied for a patent on technology it says could give online merchants card-present rates on credit card payments. Web-based merchants must pay so-called card-not-present interchange rates on credit card transactions, which are higher than the rates brick-and-mortar retailers pay.

The company, HomeATM, has five online merchants using its technology, which relies on low-cost card-swipe devices linked via USB connections to users’ computers. Now, with access to UATP’s airline connections, the company says it’s gaining momentum as Internet merchants show an increasing willingness to try alternatives to conventional credit cards.

Mitchell Cobrin, HomeATM’s chief operating officer, says the company expects to be processing for a dozen merchants by year’s end. He projects the company’s deployed base of devices, now at 5,500, will double by the end of the first quarter next year.UATP may not be the only major merchant or processor evaluating HomeATM’s product and technology like it. With interchange rates rising, and with the premium on card-not-present rates making Internet transactions on cards even more expensive, merchants of all sizes are looking at alternatives, such as PIN debit.

HomeATM was one of three companies (ATMDirect was another) Costco Wholesale Corp. and its processor, Chase Paymentech Solutions LLC, talked to last month about the possibility of handling PIN debit transactions on the warehouse retailer’s Web site (Digital Transactions News, Nov. 21). Former Chicago entrepreneur Ken Mages, HomeATM’s chairman and chief executive, refuses to discuss the Costco talks.HomeATM’s patent application is for technology it calls PinMyCard, which allows online buyers to use a card-swipe and PIN pad device linked to their computers to authenticate themselves and choose a PIN for current and future transactions. PinMyCard redirects buyers who click on a credit or debit card choice at checkout to HomeATM’s server, where they are prompted to swipe their cards. PIN debit users also enter their PINs. Using links to credit and debit card networks, HomeATM authenticates users from data captured through the devices. All data are encrypted in triple DES before flowing out of the device and into the browser. Each user then selects a PIN to be assigned to his card and can use the PIN to make future purchases. Users need not revisit the PinMyCard site unless they wanted to change their PINs.The process should be robust enough, argues Mages, to qualify transactions for card present interchange. He says his company has worked out agreements with two major processors, which he will not name, that will “accept PINs as signatures.” Still, the bank card networks would have to agree. “There’s some grunt work that needs to be done,” Mages concedes. But he contends that the networks must ultimately defer to merchant demand, particularly as both Visa Inc. and MasterCard Inc. find themselves serving constituencies much broader than their traditional bank client base. “The question is whether or not they are amenable to addressing the needs of their clients and realizing their customers are going to demand this,” he says.Transaction fees vary by volume and the network needed to authorize transactions, Mages says. HomeATM absorbs costs such as network interchange and builds it into its fee structure. In some cases it charges a flat fee, but in others a percentage rate, says Mages. Merchants could save costs by encouraging PIN debit transactions, which are dramatically lower than credit card costs on higher-ticket items like airfare, and could save on credit card transactions if HomeATM succeeds in winning card-present treatment from the networks.HomeATM, which incorporated in Canada less than two years ago and has a head count of 15, relies on technology acquired in 2005 and 2006 from Kryptosima, an Atlanta-based company that had developed a system that allowed PIN entry via peripheral devices hooked up to a computer. But while Kryptosima was asking merchants to pay $40 or so for each device, Mages says HomeATM has worked that price down to $5. That price makes it a more saleable investment for merchants looking to save on acceptance costs, he says. As for user resistance to peripheral devices—a factor that has plagued similar ventures in the past—Mages says younger users, in particular those enamored of iPods and similar devices, see nothing unusual about hooking up a device to make purchases on the Web.UATP, which has already opened its network to PayPal and CheckFree, has been actively seeking alternative payments for its member airlines for the past two years (Digital Transactions News, Sept. 2, 2005). “[HomeATM] seemed to be a good option for us,” says Tom Cunningham, vice president of business development at UATP. “They have a unique proposition, with the PIN option and the security that gives.”As with any alternative payment processor, HomeATM will have to sell its service to each UATP member airline. But Cunningham says the company is likely to find a receptive audience. “Airlines are interested in cost savings, and alternative payment fees have their own economics,” he says.

Want an even MORE receptive audience? ATMDirect DOES NOT require a PIN Pad Reader, only software. I first mentioned this potential in the very beginning of 2006, going on 2 years now. Here's my posts regarding that very potential, starting with the first one, but then in no (although dated) no particular order...

Tuesday, February 07, 2006

Suggestion to Help Drive Mass Adoption of Pay by Touch Online by Building a Better “Mouse”trap

Yesterday, Digital Transactions Magazine suggested that Pay by Touch “may face a hurdle when it comes to getting consumers to acquire and hook up finger scanners. It says “consumer adoption of peripheral devices has lagged with other authentication and payment programs.”

Today, IT Week in the UK said: Pay By Touch, has launched an online version of its fingerprint reading service. However, there is a need for an external device, the fingerprint reader- which could be a barrierto-adoption.

And Internet Retailer reported today that: “To use the online service, consumers must purchase a finger sensorfrom the Pay By Touch web site or from Pay By Touch partners, such as Internet merchants and financial institutions", says Jon Siegal, executive vice president of Pay by Touch Online. "Finger sensors will cost less than $30".Editor's Note: (inserted October 4th, 2007) Anybody still wonder why he's gone...

Although I agree that consumer adoption of peripheral devices has lagged, (as there are many documented examples), I would suggest that the reason it happens is because; in those cases, there was a requirement for an “additional” peripheral device. An additional device requires an available USB port, which sometimes people don’t have available. It also requires installation and additional space on the desktop. These requirements will diminish adoption levels. As you know, people purchase items because they “want” them or, to a lesser extent, because they “need” them.

If a PC user could simply replace their existing “older” peripheral device with a “brand new superior” device the adoption hurdles may well be alleviated. PBT could therefore; simply offer a higher quality replacement for a device the consumer already has, needs and uses…their mouse.

The PBT biometric “mouse” would not require an additional port, it’s easy to hook up, it doesn’t take up additional desk space, and it will include a biometric sensor for more secure and convenient online banking and online shopping. Now we’ve got a potential recipe for success.

The replacement of anything old with anything new, happens more frequently in the field of technology than anywhere else…especially when advanced features and ease of use are involved. It is a natural psychological fit, because we want the consumer to “replace” the way they currently purchase online with Pay by Touch, not just add PBT as another “optional” payment choice. If it came from a well-known manufacturer, Microsoft for example, then brand association would help with mass adoption. The alternative is providing it on an OEM basis, emblazoned with the PBT logo, resulting in better branding for PBT. Personally, I’d go the OEM/PBT logo route, as it essentially puts our name and logo in front of the user 24/7/365, or every time they use their PC.

The end result is that instead of Pay by Touch selling a finger scanner for $30, we’d be offering a better alternative to their existing mouse. This new bio-mouse would be wanted not only because it’s brand new, but also because it upgrades their existing old peripheral with a new dynamic...a biometric sensor.

A mouse with the PBT biometric sensor would help alleviate fears and provide “peace of mind” by enhancing security when transacting online. It could also be used to securely sign in thus alleviating the need for passwords.

There also exists, a powerful turnkey natural distribution system, with over 34 million+ “captured” customers, and 66 million "captive" users, but more on that in a minute.

A Biometric Mouse could be OEM’d by PBT and distributed via banks to secure and procure online banking customers and create PBT enrollees. What if Pay by Touch (via a distributor) offered to make this upgraded more technologically advanced, biometric mouse, available for “FREE”? What? Did I just say the “F” word? Yes, I apologize but hear me out; I’m trying to drive adoption here.

This may sound like it would be capital intensive but it isn't. There is a very cost effective, and resourceful way for Pay by Touch to accomplish this.

First: Identify the target market. I’m suggesting it is the online banking customer. Currently there are 35 million (and growing) online banking consumers, most of whom have concerns regarding online security. Biometrics can appease those concerns.

Second: Identify the target distribution method. Obviously, it is their banks because that's who consumers already with their money. Consumers are more apt to follow the suggestion of a trusted source and banks are that “trusted source.”

Potential Problem: Usually distributors need to have some sales acumen, and banks aren't known for that. Potential Problem Solved: Banks overcome this disadvantage because they already have established, inherent trust. Two of the most important goals in sales are to establish trust and overcome the unspoken objection.

The unspoken objection when you give away something free, is: “There must be a catch” and “There's no such thing as a free lunch.”

Banks however, naturally overcome that objection because they have been giving away things for free since the beginning of time. It's the only way they know how to sell. Instead of toasters, microwaves, radios, etc., why not a free Pay by Touch Biometric Mouse when their existing customer signs up for their new improved, more secure online banking program.

The task at hand now becomes: How can Pay by Touch convince Banks to become “very enthusiastic” distributors of a device that costs them $30 a pop?

Here’s five ways:First, point out that the bank would benefit economically by eliminating the IT costs associated with e-mailing “username /password,” reminders or costs associated with resetting them every time there is a suspected breach... a cost that has been estimated to average around $150 annually per user.

Third, there is more loyalty from online banking customers. Forrester Research reports that online banking customers are 40% more likely to stay with their institution.

Fourth, Biometrics from PBT would increase the potential number of that bank's customers who would sign up for their online bill payment as it would be safer and more convenient.

Finally, Pay by Touch could point out that; it would cost the bank essentially nothing and simultaneously provide a tremendous value in return. Here's why it would cost the bank essentially nothing to give these away free.

a: By eliminating a user that costs $150 per year and replacing them with one that doesn't, the $30 investment results in a $120 return on investment…the first year alone.

b: The bank could write off the cost of the mouse ($30), as an “advertising” expense instead of the $150 as an “operating” expense, and it would be advertising money better spent than normal advertising, because it would target a specific “profitable” niche.

Consequently, the bank’s customers would benefit from increased convenience and peace of mind. PBT could help position the bank to convert the customer into an Online Banking AND Bill Payment user and Pay by Touch Online would have a potential user. (highly likely with our logo staring them in the face every time they click their mouse)

A Forbes Online Banking survey found that 75 percent of online banking respondents pay bills directly at vendor websites and other third party payment services instead of at their own bank, and “customers who pay bills online are more satisfied than those who don’t, providing banks an opportunity to increase satisfaction and loyalty by converting online bankers to online bill payers. The report can be accessed below:

Therefore, the bank's online banking system would become both more profitable and secure and simultaneously create a more loyal banking customer. Pay By Touch would benefit by utilizing this distribution strategy which provides a client (the bank) who is ripe for cross selling other PBT services, i.e. our credit card processing services via our Agent Bank Program. Sounds "win-win-win" to me.The Underbanked “are” Banked, they're just not Online yet…

In the trade-rags I read, everyone is so excited about going after the “unbanked” marketplace. The unbanked are virtually useless to us in this application because we need people who have a checking/debit or credit account. So let’s identify a different type of customer, one I'll call the "under" banked consumer...the one with a checking and or debit account, however, the one that does not use online banking.

Having identified the "under" banked market as “offline banking” customers” PBT can help the banking institution "convert" these customers into "online" banking customers with the same previously aforementioned PBT biometric mouse offer. On the surface, it seems like an ideal conversion device.

There are 65 million under banked customers and by working with the banks, we have the potential ability to convert a lot of them into online banking customers. It appears to be a viable marketplace.

Look at the growth and numbers of online banking customers in the chart on the left. It's an exciting high growth market and Pay By Touch is in possession of a compelling product that can provide a safer environment for a bank's online banking platform. A strong market is in it's early stages of evolution... existing bank customers who are not yet banking online.

We can target market bank's with the aforementioned benefits and once we procure a distribution agreement, their banking members become our captive market. It also creates an opportunity to cross-sell our card processing and check cashing programs, thus enhancing both of those divisions.

If 34.2 million people bank online and 66% do not, that leaves a 65.8 million under banked and thus, a hugely untapped target market. I believe that banks will align with us because it really is a turn-key promotion with enough built-in benefits to all parties to make the proposition enthralling.

“This year, for the first time in 10 years, the volume of online banking transactions processed by us -- 1.5 billion per year and climbing -- has surpassed ATM, phone and teller transactions combined, said Sanjay Gupta, a top e-commerce executive with Bank of America

Banks would save, thus earn “lot” of money by converting their unbanked “offline” into “online” banking customers. It's always easier (and cheaper) to “keep customers you have” than to get them back “after they leave.” (ask AT&T) And we would help them procure millions of “more loyal” enrollees and at the same time procure potentially millions of PBT Online users. (Which will, in turn, attract the top Internet Retailers to do business with us as well)

Loyalty from online banking customers outperforms offline-banking customers by 40%. Therefore, to increase loyalty, you go after the offliners. Pay by Touch can be of significant value in doing that and banks can be of significant value to spur enrollment.

More About Banks and Bill Payments

Online Banking and Bill Payment are two of the fastest growing applications on the Internet, yet banks face significant challenges to achieving widespread adoption of the Web channel and to maintaining ownership of the online bill payment relationship.

“For banks, the key message is that there is tremendous payoff for encouraging their customers to pay bills at the bank site. The more bills customers pay on their bank’s website, the more satisfied they are and the more likely they are to purchase more products and services from their bank online or in a branch,” said Larry Freed, an online satisfaction expert and head of ForeSee Results.

“Adopting the bank’s web channel does not necessarily decrease customers’ use of other channels, however, it does make customers more loyal, more likely to increase share of wallet and more inclined to recommend their bank’s website to their friends, neighbors and colleagues.”

A technology that allows consumers to use their debit cards and PINs to buy items on the Internet will likely undergo tests with at least one electronic funds transfer network starting the first half of 2006.

A full commercial rollout involving at least one major merchant should be in progress by the end of 2006, says ATM Direct, the Irving, Texas-based company that invented the technology, which relies on a screen-based "floating PIN pad" to let cardholders enter PINs by means of mouse clicks rather than key entry.

The company, whose assets were acquired out of bankruptcy this year by Pay By Touch Solutions, the San Francisco-based biometric-payment processor, is already in discussions with Internet merchants and hopes to secure agreements to flow transactions through regional EFT networks beyond ACCEL/Exchange, the Bellevue, Wash.-based network with which it expects to conduct a pilot next year. "We're in aggressive conversations with a majority of the EFT networks," says Robert Ziegler, senior vice president and general manager for ATM Direct.

Ziegler says the only EFT network he hasn't approached is Interlink, which is owned by Visa USA. "I hope that they will see the value in this market opportunity and be as receptive as other EFT Networks have been as we go to market in 2006,” says Ziegler.ACCEL/Exchange, a unit of banking processor Fiserv Inc., says it has been in talks with ATM Direct for some time and is in the midst of planning its pilot of the company's system. "There is going to be demand for this product" among consumers to whom the security of PIN debit will have appeal for e-commerce, says Mike Williams, senior vice president at the network. No definite specifications have been settled on yet, says Williams, but he says it "will have a limited scope and will be very regulated."

Ziegler says that, as part of on ongoing marketing and promotional activity, the initial bank, which he won't name, will be the primary issuer of the debit cards. He figures it will send out about 50 to 100 cards per month to key “influencers,” including industry analysts and merchants, each of whom will receive a PIN-protected card that can be used at participating merchant sites. An unnamed merchant in Dallas will be the first site operational in 2006.

A launch by ATM Direct of PIN-based online payments would represent the latest effort to bring debit secured by PINs or passwords to the Internet. NACHA, the rules-setting organization for the automated clearing house, is formulating a system whereby consumers could pay online from their checking accounts by authenticating themselves to their online banking programs (Digital Transactions News, April 13, 2005). And at least one other company, InstaPay Systems Inc.'s Kryptosima unit, has introduced a system that involves PIN pads that hook up to consumers' PCs (Digital Transactions News, Sept. 7, 2004).

Up to now, EFT networks have been loath to allow PINs to be used on the Internet, fearing the potential for fraud. Only in the past couple of years have they allowed so-called PIN-less debit transactions, in which consumers can pay bills to a limited range of organizations using their PIN debit accounts but without entering a PIN. For this reason, ATM Direct's technology, on which it has seven patent applications pending at the US Patent and Trademark Office, has the potential to open the broad world of Web-based retailing to PIN debit, a rapidly growing form of electronic payment. "Our revenue opportunity is quite large," says Ziegler.

ATM Direct will charge online merchants directly for each transaction, absorbing network interchange fees and building them into its own pricing. Ziegler won't reveal ATM Direct's merchant fee, but projects that for most merchants it will be roughly half what they currently pay for card-not-present transactions.

ATM Direct's system works by downloading digitally unique code to the consumer's desktop, setting up a process of multi-factor authentication in which the company can authenticate the consumer by recognizing the code and by means of technology such as geo-location. The company also sweeps the consumer PC for keyloggers and other trojans. "We turn the consumer's PC into a recognizable point-of-sale terminal" on ATM Direct's network, Ziegler says. The company can also present out-of-wallet questions, set up by consumers when they enroll with merchants or online banking programs, in cases when it suspects something is amiss.

"We're looking at over 300 data points in real time to determine if this terminal is trusted," says Ziegler. This process includes matching shipping and billing addresses and performs online address verification with third-party databases, he says.

When the consumer is ready to buy and ATM Direct is satisfied the PC is secure, the system presents on the screen a keypad for PIN entry. The pad is called a floating PIN pad because a different numerical configuration is presented each time. This process disables the computer keyboard, allowing entry only by mouse click. Ziegler says that while the clicks initiate the PIN acquisition process, they don't yield the actual PIN. PIN acquisition is triggered by another process underlying the virtual PIN pad, details of which he won't discuss. "This gets into our secret sauce," he says.

Once this process is complete, ATM Direct returns a signed token to the merchant, asking if the merchant wants to go forward with authorization. If so, it creates a transaction message, including a PIN block with PINs encrypted at two-key triple DES, to go to the relevant EFT network for authorization and settlement at the issuing bank. "We look exactly like a PIN debit processor" to the network at that point, says Ziegler.

ATM Direct's efforts to process PIN transactions for online merchants represents a thrust by Pay By Touch, which secures physical point-of-sale payments by means of mathematically derived fingerprint templates, into the virtual world. It's also the second major initiative launched by Pay By Touch regarding PINs. As reported by Digital Transactions News earlier this week, the company is in discussions with EFT networks to allow biometrics as a proxy for PINs for in-lane payments. Pay By Touch says one undisclosed network has already changed its operating rules to permit the biometric proxy (Digital Transactions News).

Thursday, June 08, 2006

Pay By Touch's ATM Direct Looks to Add Another Network, More Online Retailers

ATM Direct, which this week announced agreements with an electronic funds transfer network and an Internet merchant to process PIN-secured debit card payments on the Web, has signed another online retailer, which will go live on its system in August.

This second, unnamed merchant, which does $250 million annually in Web sales, could be followed later in the summer by a third, Ziegler says, with which ATM Direct is now in talks. In addition, the company, a unit of biometric-payments processor Pay By Touch Inc., San Francisco, also plans to bring live a link to a second EFT network within 90 days, Ziegler says.

For 2007, Ziegler says, look for ATM Direct to process PIN debit payments on handsets as it rolls out a mobile version of its software.

Also on tap for next year, he adds, is a recurring-payment capability for utilities and other biller categories that may now accept so-called PIN-less debit transactions.

When launched, this product will allow these billers for the first time to accept recurring debit card payments, since EFT network operating rules currently do not permit recurring payments using PIN-less debit.

On top of this, ATM Direct has also begun marketing its software to banks as authentication technology that complies with guidelines released in October by the Federal Financial Institutions Examination Council that push banks to adopt multifactor authentication for online banking.

The flurry of developments caps months of behind-the-scenes work by the company, whose software allows consumers to enter debit card PINs securely on a computer screen, to bring its product to market following its acquisition last year by Pay By Touch (Digital Transactions News, Dec. 16, 2005).

Those efforts bore fruit this week with the announcements that the Bellevue, Wash.-based ACCEL/Exchange network has agreed to switch transactions processed by ATM Direct (Digital Transactions News, June 5) and that The J. Paul Co., a Dallas promotional-goods merchant, in July will begin accepting PIN debit payments on its Web site through ATM Direct.

Transactions will build over time, Ziegler says, as more and more of ACCEL/Exchange’s 3,500 banks bring their cards live on the system. “It’s a managed rollout,” he says. “Some issuers will be able to transact immediately, and we’ll add others over time. We want everyone on the network to have a real good experience.”

By year’s end, he projects, some 60% of ACCEL/Exchange’s 80 million cards will be enabled for ATM Direct. Transaction growth should accelerate, too, with the addition of the second EFT Network, which Ziegler refuses to name, as well as the large retailer.

For larger retailers, says Ziegler, his product’s appeal lies in a 5% to 6% incremental sales increase the company’s research shows online merchants can gain by enabling customers to pay with PIN debit.

Though he won’t give specific pricing, he says ATM Direct’s fees to merchants should result in acceptance costs that are on average about half what e-commerce sellers now pay in card-not-present rates. Larger merchants will enjoy a bigger break, he says. Pricing, he says, will follow “multiple models,” sometimes including both percentage and fixed-fee components, sometimes not.

ATM Direct’s system works by downloading digitally unique code to the consumer's desktop, setting up a process of multifactor authentication in which the company can authenticate the consumer by recognizing the code and by means of technology such as geo-location. The company also sweeps the consumer’s PC for keyloggers and other trojans.

When the consumer is ready to buy and ATM Direct is satisfied the PC is secure, the system presents on the screen a keypad for PIN entry.

The pad is called a floating PIN pad because a different numerical configuration is presented each time. This process disables the computer keyboard, allowing entry only by mouse click. Once PIN entry is complete, ATM Direct returns a signed token to the merchant, asking if the merchant wants to go forward with authorization. If so, it creates a transaction message, including a PIN block with PINs encrypted at two-key triple DES, to go to the relevant EFT network for authorization and settlement at the issuing bank. In this sense, it operates as if it were another processor hooked into the EFT network’s switch.

Tuesday, June 06, 2006

In a development that could lead to the first significant use of PIN debit for Internet transactions, the ACCEL/Exchange electronic funds transfer network has agreed to handle PIN-secured debit card transactions processed by ATM Direct, a unit of San Francisco-based Pay By Touch Inc.

The network, which is based in Bellevue, Wash., and links 3,500 financial institutions and 80 million cards, is the first ATM network recruited by ATM Direct to handle transactions generated by its technology, which allows consumers to use their ATM cards and PINs to buy merchandise and services online.

The agreement between ACCEL/Exchange and ATM Direct comes nearly six months after the network, a unit of Milwaukee-based processor Fiserv Inc., first indicated it was planning to run a pilot of the Irving, Texas-based company’s system (Digital Transactions News, Dec. 16, 2005).

“We are pleased to participate in the introduction of an exciting value-add payment service like Internet PIN debit because of the potential it has to offer,” said Mike Williams, senior vice president of Fiserv EFT, in a statement.

ATM Direct says its system offers online merchants transactions at lower pricing than card-not-present credit card rates while also guaranteeing payment. For consumers, the company says, it offers higher security for Web purchases. The joint announcement from the two parties does not say when transactions will start flowing.

ATM Direct has also been in discussions with online merchants and service providers about accepting payments through its system. An unnamed merchant in Dallas was expected to be the first site operational on the system in 2006, Robert Ziegler, senior vice president and general manager at ATM Direct, told Digital Transactions News in December, though that merchant has not yet been announced. (It's JPaul Companies)

Up to now, EFT networks have been loath to allow PINs to be used on the Internet, fearing the potential for fraud. Only in the past couple of years have they allowed so-called PIN-less debit transactions, in which consumers can pay bills to a limited range of organizations using their PIN debit accounts but without entering a PIN.

For this reason, ATM Direct's technology, on which it has seven patent applications pending at the U.S. Patent and Trademark Office, has the potential to open the broad world of Web-based retailing to PIN debit, a rapidly growing form of electronic payment.

ATM Direct’s system works by downloading digitally unique code to the consumer's desktop, setting up a process of multifactor authentication in which the company can authenticate the consumer by recognizing the code and by means of technology such as geo-location. The company also sweeps the consumer’s PC for keyloggers and other trojans.

When the consumer is ready to buy and ATM Direct is satisfied the PC is secure, the system presents on the screen a keypad for PIN entry. The pad is called a floating PIN pad because a different numerical configuration is presented each time. This process disables the computer keyboard, allowing entry only by mouse click. Once PIN entry is complete, ATM Direct returns a signed token to the merchant, asking if the merchant wants to go forward with authorization.

If so, it creates a transaction message, including a PIN block with PINs encrypted at two-key triple DES, to go to the relevant EFT network for authorization and settlement at the issuing bank. In this sense, it operates as if it were another processor hooked into the EFT network’s switch.

Monday, February 27, 2006

ATM Direct, a company that Pay by Touch has been working with for the last two years and one that they acquired in their acquistion spree last December, is beta live.

ATM Direct has a patent pending "software only" solution for Internet PIN debit. PIN Debit is not yet available for internet retailers to use as a form of payment. When Pay by Touch makes it available, retailers will save approximately half of what they currently pay in interchange fees which translates to savings for their customers.

Here are some related links to previous posts which are also listed at the bottom of this post.

Their proprietary solution utilizes advanced PKI, device intelligence, geolocation and behavioral analysis to protect consumers while transacting on the Internet. The authentication framework built to enable PIN-debit on the internet is now available as a FFIEC compliant solution for online banking.

What is atmdirect?

atmdirect is a Pay By Touch company, the world leader in biometric payments and authentication at the point-of-sale.

atmdirect is a certified PIN-debit and PIN-less acquirer-processor.

atmdirect facilities have been audited and certified to meet or exceed the standards and regulatory requirements of the EFT industry.

atmdirect provides PIN-based payments and authentication services to the Internet.

atmdirect is driving a "cooperative" model to enhance the entire supply chain by leveraging the existing infrastructures and distribution channels.

atmdirect dramatically expands the global customer base of the Internet by enabling the use of PIN-debit on the Internet.

atmdirectis the only company in the world that can provide these services with a software-only solution.

atmdirect's solution does not require any changes to bank or network infrastructure enabling rapid and low cost adoption worldwide.

atmdirect is the emerging provider of software based multi-factor authentication services for online banking and consumers.

A Technology Breakthrough

ATM Direct's patent-pending technology allows for the secure and private entry of the PIN on a computer. When paying with PIN-debit, the consumer simply enters his PIN using their mouse on a graphical PIN-pad on their screen. The PIN is authenticated directly with the consumer’s bank through our secure data center by routing the transaction to the appropriate EFT network without passing the transaction through the merchant’s system. The PIN is never in the clear and cannot be logged or hacked. This service is a software based solution that the customer simply downloads when prompted by the merchant or a trusted partner.

INTERNET PIN-DEBIT PAYMENTS

The most secure and most widely accepted payment standard in the world is coming to the Internet.

Use of debit cards on the Internet continues to grow and now exceeds the use of credit cards. We deliver a unique, patent-pending, software-only solution that enables the secure use of existing bank-issued debit cards with their PINs. Internet PIN-Debit will dramatically reduce payment costs and fraud.

MORE SECURITY AND PRIVACY

The PIN authenticates the cardholder’s identity. We ensure that the consumer’s PIN is never in the clear, never available on the merchant site or in the consumer’s computer.

PIN debit has been in use for over 20 years at ATM Machines and retail store checkout and is proven to be the most secure payment method available. Now you can use your PIN-based debit card to pay for purchases on the Internet simply and easily just like you do with your card and PIN at the cash register in a retail store every day. There are no new devices, passwords or registrations required.

How to Get ATM Direct

It's simple!You simply downloand our secure proprietary PIN-pad to your PC or laptop. This download occurs just like your anti-virus software. This PIN-pad is wrapped with and protected by industry leading security software technologies and protections that ensure that no hacker, logger or spyware can ever see or access your PIN.For further information on Pay by Touch Online and ATM Direct please see my previous posts which I have listed below for your convenience:

Wednesday, April 11, 2007

On Monday, I posted the press release regarding ATM Direct, a division of Pay By Touch, partnering with e-commerce company 2Checkout.com to form the internet’s first software-only PIN-debit payment service.

Today, I'll provide more detail as to why this particular watershed event is a major milestone for Pay By Touch in its quest to "change the way the world pays".

In my first post following the acquisition of ATM Direct, I vocalized my strong opinion that this particular product could udderly (pun intended) become a Pay By Touch cash cow. (links to definition on Wikipedia )

Prior to ATM Direct, Internet PIN debit was simply and unequivocally, not even an option for Internet Retailers. This "missing link" to Internet retailing costs "individual" web merchants hundreds of thousands, even millions of dollars per year in excess processing fees.

Pay By Touch is now in a unique position to change the way the World and the World Wide Web transacts.

The reason why an Internet PIN debit option has not existed prior to now is simple. The physical card is not present at the physical location whilst making web purchases. The result is that Visa and MasterCard can charge the Internet Retailers a higher "card not present" rate. PIN Debit results in the transaction becoming more secure because the user must enter their Personal Identification Number" (PIN) and therefore the cost of the transaction is significantly lower.

This product from Pay By Touch becomes a milestone event, because Internet Retailers, even those that boast billion dollar annual sales volume, pay 25% to 50% more in transaction fees than they would with PIN Debit fees. The timing is right because, according to a recent report by Jupiter Research, online debit card use will surpass online credit card use in 2007. Debit transactions surpassed credit transaction last year at "brick and mortar" locations.

ATM Direct bills itself as a secure and inexpensive alternative to credit and signature-debit acceptance online. Without discussing pricing, ATM Direct’s fees are less than half what merchants pay for bank card transactions.

PIN debit at the physical point of sale is generally priced by EFT (Electronic Funds Transfer) networks at rates below signature debit.

"Credit cards were not designed for use on the Internet. With no card present, and no signature available, the risk is too high and fraud is too prevalent Lower cost debit cards already outnumber credit card transactions on the Internet, however, they are processed at "credit card transaction rates".

PIN Debit from Pay by Touch will CUT PROCESSING FEES IN HALF with a payment that is 15 times more secure ...and open their store to more customers.PIN-debit is the most widely used card payment method in the world and is often the only card payment alternative in countries where credit card and "signature" debit cards are not widely used or not available.

Getting back to where I left off, anywhere from 7% to 15% of the signature-debit transactions CURRENTLY accepted by merchants ATM Direct has targeted could be converted to PIN debit, That's without advertising to consumers that they could use their safer, more secure PIN Debit card. I would estimate, according to current industry trends, that the number would jump to 40-50%.

As with PIN debit at the point of sale, transactions are authenticated by consumer-entered PINs and funds are guaranteed to merchants. “We’re the only provider of online PIN debit,” Ziegler says. “And as part of our software, we give the consumer the security of an authentication framework to protect them when they’re online.”The ATM (Authenticated Transaction Monopoly?) Direct system, is the first and only Internet PIN Debit payment system that allows a consumer to use their check card or even an ATM card to make purchases on the Web.

There's no need for a new PIN, it works with the consumers existing PIN number. ATM Direct has been busy readying themselves for a big 2007. It is already a certified processor for physical POS PIN transactions not only on the ACCEL/Exchange network but also on the three major national systems, Star, NYCE, and Pulse.

Just think of the ramifications when Pay By Touch incorporates a second authentication (biometric signature) to the equation. The result would be the safest and most secure transaction one could possibly use to make web purchases. The actual card, the actual PIN and the Actual Person. No matter that the card is not present when multi-layerd authenticationally speaking, the person is. Triple authentication is something they HAVE (the card), KNOW (PIN) & ARE.(biometric)

An argument can be made for an even lower Interchange rate than currently exists for just PIN Debit.

According to Robert Zieglar, President of ATM Direct, the company is also processing so-called PIN-less debit transactions, which are bill payments consumers make online with PIN-debit account numbers but without PINs, for these networks. “When they’re ready, it makes it easy for them to move [into PIN-based online payment],” Ziegler says.

Pay By Touch signed its second Internet Retailer merchant this week and expects 18 more by the end of the year, including two more this quarter.

“I feel good about the conversations we’re having now with top online merchants,” says Robert Ziegler, general manager at Irving, Texas-based ATM Direct. “We’re right on track.” These “top” merchants, Ziegler says, are in the upper levels of Web retailers in terms of sales.

Editiors Note: Why wouldn't billion dollar annual sales web merchants like Amazon or JC Penney use PIN Debit if they could save millions of dollars annually in transaction fees? The short answer is that they will...eventually. Here's an educated guess...the fact that JC Penney is already a partner with Pay By Touch due to the SH Solutions acquisition, combined with the fact that JC Penney is also, like PBT, a Saatchi & Saatchi "lovemark", provides a common denominator that suggests that JC Penney just may be ATM Direct's first billion dollar Internet merchant. Once you get one, it snowballs. The competition doesn't like to see their competitor saving millions per year in transaction fees without wanting to level the playing field by jumping on board as well...

ATM Direct also expects soon to sign an agreement with a second, unnamed electronic funds transfer network to enable its technology.

The ACCEL/Exchange network, based in Bellevue, Wash., has been testing the service for about a year, but Ziegler says ATM Direct is now a commercial processor on the network, which is owned by Milwaukee-based Fiserv Inc. And, the company plans to introduce a mobile version of its technology “late this year,” Ziegler says.

ATM Direct’s plans could be furthered by getting more EFT networks to enable its technology. ACCEL/Exchange, whose 80 million cards account for about one-third of those in circulation, will bring the last of its 3,500 member banks live on the service by the end of the quarter, Ziegler says.

ATM Direct’s patent-pending system works by downloading digitally unique code to the consumer's desktop, setting up a process of multifactor authentication in which the company can authenticate the consumer by recognizing the code and by means of technology such as geo-location. The company also sweeps the consumer’s PC for keyloggers and other trojans.

When the consumer is ready to buy and ATM Direct is satisfied the PC is secure, the system presents on the screen a keypad for PIN entry.

The pad is called a floating PIN pad because a different numerical configuration is presented each time. This process disables the computer keyboard, allowing entry only by mouse click. (eliminates keylogging)

Once PIN entry is complete, ATM Direct returns a signed token to the merchant, asking if the merchant wants to go forward with authorization.

If so, it creates a transaction message, including a PIN block with PINs encrypted at two-key triple DES, to go to the relevant EFT network for authorization and settlement at the issuing bank. In this sense, it operates as if it were another processor hooked into the EFT network’s switch.

Here are some key findings from a recent report from Jupiter Research...

Online payment shifting from credit to debit, Jupiter report finds

As in the offline world, consumers are shifting from credit to debit payment online, with debit transaction volume expected to surpass credit transactions online by 2007. That has important implications for online merchants and card issuers, according to a new report from Jupiter Research, U.S. Online payments Forecast, 2007-2010

A signature is required to authorize a debit transaction, an option that cannot exist online.

PIN debit transactions, another means of user authentication aren't typically used online due to security concerns, and security concerns also have so far limited the growth of PIN-less debit transactions.

To reduce the risk of online debit transactions while accommodating consumers` desire for online debit transactions, Kountz also encourages merchants and card issuers to start exploring investing in platforms for Internet PIN debit.

Friday, February 02, 2007

ATM Direct, which provides secured debit card payments on the Web, plans to bring live a link to a second EFT network within 90 days, says Robert Ziegler, senior vice president and general manager of the Irving, Texas-based technology company.

For 2007, Ziegler says, look for ATM Direct to process PIN debit payments on handsets as it rolls out a mobile version of its software.

Also on tap for 2007, he adds, is a recurring-payment capability for utilities and other biller categories that may now accept so-called PIN-less debit transactions. When launched, this product will allow these billers for the first time to accept recurring debit card payments, since EFT network operating rules currently do not permit recurring payments using PIN-less debit. To open and view the PDF file of the ATM Direct Brochure click here or the picture

On top of this, ATM Direct has also begun marketing its software to banks as authentication technology that complies with guidelines released in October by the Federal Financial Institutions Examination Council that push banks to adopt multifactor authentication for online banking.

The flurry of developments caps months of behind-the-scenes work by the company, whose software allows consumers to enter debit card PINs securely on a computer screen, to bring its product to market following its acquisition last year by Pay By Touch

Those efforts bore fruit last year with the announcements that the Bellevue, Wash.-based ACCEL/Exchange network has agreed to switch transactions processed by ATM Direct (Digital Transactions News, June 5) and that The J. Paul Co., a Dallas promotional-goods merchant, in July began accepting PIN debit payments on its Web site through ATM Direct.

Transactions will build over time, Ziegler says, as more and more of ACCEL/Exchange’s 3,500 banks bring their cards live on the system. “It’s a managed rollout,” he says. “Some issuers will be able to transact immediately, and we’ll add others over time. We want everyone on the network to have a real good experience.” By year’s end, he projects, some 60% of ACCEL/Exchange’s 80 million cards will be enabled for ATM Direct.

Transaction growth should accelerate, too, with the addition of the second EFT Network, which Ziegler refuses to name, as well as the large retailer. ATM Direct’s selling proposition to smaller merchants is lower transactions costs, coupled with the fraud-management and guaranteed-funds features traditionally offered by PIN debit cards. For larger retailers, says Ziegler, his product’s appeal lies in a 5% to 6% incremental sales increase the company’s research shows online merchants can gain by enabling customers to pay with PIN debit.

Though he won’t give specific pricing, he says ATM Direct’s fees to merchants should result in acceptance costs that are on average about 60% what e-commerce sellers now pay in card-not-present rates. Larger merchants will enjoy a bigger break, he says. Pricing, he says, will follow “multiple models,” sometimes including both percentage and fixed-fee components, sometimes not.

As do other alternatives to credit cards for Internet merchants, ATM Direct faces the thorny issue of how to handle so-called exception items, including chargebacks, disputes over goods, and the like, all of which electronic debit systems were not originally designed to deal with.

Indeed, NACHA, the rules-setting organization for the automated clearing house, is struggling to define rules for handling transactions involving so-called split shipments in connection with a product it is developing to allow online merchants to accept guaranteed ACH payments. ATM Direct’s answer, says Ziegler, is to rely on merchants to handle disputes and other broken transactions. “We look to the merchant to resolve that,” he says. “They need to look out for the consumer. If they don’t deliver as promised, that could affect their relationship with us.”

ATM Direct’s system works by downloading digitally unique code to the consumer's desktop, setting up a process of multifactor authentication in which the company can authenticate the consumer by recognizing the code and by means of technology such as geo-location. The company also sweeps the consumer’s PC for keyloggers and other trojans.

When the consumer is ready to buy and ATM Direct is satisfied the PC is secure, the system presents on the screen a keypad for PIN entry. The pad is called a floating PIN pad because a different numerical configuration is presented each time. This process disables the computer keyboard, allowing entry only by mouse click. Once PIN entry is complete, ATM Direct returns a signed token to the merchant, asking if the merchant wants to go forward with authorization. If so, it creates a transaction message, including a PIN block with PINs encrypted at two-key triple DES, to go to the relevant EFT network for authorization and settlement at the issuing bank. In this sense, it operates as if it were another processor hooked into the EFT network’s switch.

Wednesday, September 20, 2006

ATM Direct, a Pay By Touch company, that was the first to introduce PIN Debit for Internet purchases, has been certified by AmbironTrustWave.

ATMDirect is enrolled in AmbironTrustWave's TrustKeeper® remote compliance program to validate compliance with the Payment Card Industry (PCI) Data Security Standard supported by all the major credit card associations including: American Express, Diners Club, Discover, JCB, MasterCard International, Visa International and Visa USA.

Based upon information provided by ATMDirect regarding its policies, procedures, and technical systems that process and/or transmit cardholder data, and the TrustKeeper scan of those systems, ATMDirect has performed the required procedures to validate compliance with the PCI Data Security Standard.

Pay By Touch uses a patent-pending process to safely encrypt PIN Debit Numbers by allowing the user to enter them with their mouse instead of key strokes. The box on the left comes up and the user clicks the first digit of their existing (no new PIN numbers required) Personal Identification Number. The box then shuffles the numbers and the user repeats the process with the second, third and fourth digit of their PIN numbers. By allowing the user to use their mouse, and by shuffling the numbers after each entry, keyloggers cannot hack into the user's keystrokes as they enter their PIN number.

Friday, June 16, 2006

PIN-Debit is the card your bank issued to you, usually with a checking account, that you use to withdraw cash from ATMs or in conjunction with purchases at the point-of-sale. It is also known as an "ATM card" or "debit card". PIN-Debit is one of the most secure forms of payment because the Personal Identification Number (PIN) is known only to you and providing or entering it when making a transaction proves that it is you using your debit card.

What is my PIN?

Your PIN is a four- or six-digit Personal Identification Number that is issued to you by your bank, or selected by you either during or after receiving a card. Your PIN is a secret number that is known only to you. Since it is known only to you, and is very difficult to guess (it could take thousands of tries to guess a 4-digit PIN, and most systems would suspend the account or alert the account-holder after 3 unsuccessful tries) the PIN offers substantive protection with a minimum of effort or inconvenience.

As a rule, you should never share your PIN number with anyone else-even family members. You should never put your PIN into an email or letter or respond to anyone asking you for it. If you feel that someone else might know your PIN, you should work with your bank or credit union to get it changed at your earliest convenience.

What is Internet PIN-Debit?

ATM Direct delivers a suite of highly sophisticated security mechanisms to protect the PIN, identify the user and input device and ensure the uniqueness of the transaction. These mechanisms enable you to make purchases at participating e-commerce merchants in a safe, secure and completely private manner. You can now purchase on the Internet using PIN-Debit just like you can at many brick-and-mortar stores.

In fact, because he PIN provides assurance that it is you using your card and no one else, it is safer than any other type of transaction and helps prevent fraud.

How does PIN-Debit protect me?

When you correctly enter your PIN during a purchase at a participating online merchant, you confirm that you are the authorized cardholder and associated both with the device interacting with the merchant's website and the transaction for which a payment authorization is being requested. The PIN is entered into a secure, constantly-moving PINpad window and passed to ATM Direct for verification (called authentication). Once authenticated, the request for payment authorization is relayed via the Electronic Funds Transfer networks (e.g., STAR, Pulse, NYCE, Accel/Exchange to the card issuer for a check and hold on funds for the amount requested. If an incorrect PIN is entered for the card account by the user, the purchase will not be completed (and the user will be directed to try another method of payment..

How secure is Internet PIN-debit?

Internet PIN-Debit by ATM Direct meets or exceeds industry standards for security for PIN-Debit processing. ATM Direct has been audited and certified by EFT networks and by third-party EFT security experts. ATM Direct uses the most advanced authentication, encryption and security technologies in the industry to secure your computer, transaction and account.

Why should I use Internet PIN-Debit?

Many online shoppers are uncomfortable using their signature-based credit and debit cards online because-after all-signatures were made for face-to-face use in physical locations. Still other consumers don't have access to these cards or sufficient credit lines, to shop with them online. But most consumers know that PIN-secured debit cards are the safest means of transacting. So Internet PIN-Debit provides extra protection for you for when you are shopping online. No one knows your PIN but you!

Internet PIN-Debit is just as easy as using your PIN-debit card at a brick-and-mortar retail store such as your local supermarket or drugstore. The only difference is that Internet PIN-debit can be used at participating online e-commerce merchants. So consumers now have the ability to control on a pay-as-you-go basis the use and timing of when their funds can effect a purchase; no bills or interest charges down the road, no surprise NSFs (from overdrawing from accounts with signature-debit cards) andWill I need to apply for a new card or PIN to use Internet PIN-debit?

Internet PIN-Debit is quick and easy to use. Nothing changes on the merchant's online store site or the merchant's purchase process. When you go through checkout at a participating online store, and present a valid Debit or ATM card our Internet PIN-Debit PIN-pad will activate to allow you to securely select your PIN number.

The process secures your personal computer and then display’s a PINpad. This PINpad "floats" around the PC or mobile device screen, and presents the numbers in a randomized order for each of the four digits entered, using your mouse to click on the correct digits, instead of your keyboard. This mechanism frustrates most malware programs, such as "keyboard sniffers" or viruses that try to steal private information such as log-in credentials. Once you have entered your PIN (usually 4 digits) and selected "Continue" in the accompanying box, your information is securely sent to us (and not the merchant). We request an authorization from the issuer of the card, and that decision is passed back to the merchant.

Can I get a separate card and PIN for everyone in my family or can I get a special card and PIN for the Internet if I want to?

Sure, just contact any participating bank or credit union. You can find out whether your bank or credit union participates either on the ATM Direct or participating Electronic Funds Transfer network (e.g., STAR, Pulse, NYCE, Accel/Exchange, etc.) websites, your financial institution's website, or by just entering in your 16-digit Primary Account Number (PAN) after clicking the ATM Debit payment method option. If your current FI is not participating, please let them know you would like your card enabled for Internet PIN-debit!

Can I use Internet PIN-debit from any computer?

You can use Internet PIN-Debit from any of your personal computers if the browser supports 128-bit encryption. This may be at home, at work or on your lap-top when you travel. We do not allow Internet PIN-debit from public computers. You should never enter any personal information, bank account information or credit card information on a public personal computer that you do not know whether it is secure or not.

We use special software to be sure that your computer is secure and safe to use. Once you download our software and personalize your PIN-pad, you simply shop as you usually do. We do not use pop-ups so you can still use your existing anti-virus, firewall and pop-up blockers like you always do. We only support personal computers running Microsoft Windows at this time.Can I use more than one debit card?

Yes, you can use any or all of your debit cards with their PINs as long as the bank or credit union that issued them is participating in Internet PIN-Debit. There are no additional steps to take to use additional cards.

I have a pop-up blocker on my computer. Will Internet PIN-debit still work for me?

Yes, Internet PIN-Debit is not affected by pop-up blockers.

I have a virus checker with a firewall installed. Will Internet PIN-debit still work for me?

Yes, but you are likely to get a notice the first time the software accesses the internet, simply "Grant" access to insure successful operation.How can I change my PIN?

Contact your bank or credit union; they issued your card and have the facilities to change a PIN.

When will the money be taken out of my account?

Most financial institutions put a hold on and/or take the money out of your account immediately. In some cases, funds may be taken out later that same day.

What if I do not have enough money in my account?

If your transaction is declined from your bank for insufficient funds, the merchant will give you an opportunity to use another account or card to complete the transaction.

Are there any minimum and maximum payment amounts?

These floors and ceilings are set by the financial institution that issues your card..

Security Alert - E-mail hoaxes, Phishing and Pharming

Fraudsters use a variety of techniques to collect banking account information from consumers. You should always be on your guard against fraudulent emails and websites that might ask you for confidential information like your card and PIN number.We will never contact you via email and ask you to supply us with any financial data like your credit card details, or your PIN. If you think you've received a fraudulent email, or directed to a fraudulent website, please let us know, forward the details to phishing@ATMDirect.com

I'm concerned I may have provided my personal details on a hoax e-mail, what should I do?

Call your bank or credit union immediately. Check your statements carefully for any fraudulent activity on your card, and report any suspicious activity as soon as possible to your bank or credit union.

How do you change or update my software?

If we need to update our software on your machine, we will automatically update it the next time you use it.

How much does it cost me to get it and to use it?

Internet PIN-Debit costs you, the consumer, nothing to obtain and use this software. It's free!If I have additional questions about Internet PIN-Debit, who can I contact?